by blacksmith_tb 93 days ago
I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps), that seems fairly toothless (though wrongheaded) compared to TX and UT wanting to scan photo IDs[1]

1: https://www.tomshardware.com/software/operating-systems/cali...

6 comments

"Toothless" unless you're an app, website or platform developer, then you're given an enormous liability burden even if you strictly adhere to age signals and censor everything accordingly:

> (3) (A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

Turns out the age signal is not enough. Liability-wise, you'll probably be doing face and/or ID scans, too, even if the law doesn't explicitly call for it.

Developers will just implement the strictest state's censorship and age verification schemes for everyone, which has already happened. My state has no age verification laws, yet platforms, and even Android itself, are trying to get me to scan my face and dox myself to use them. I can't even look at spicy tweets online without verifying my age with the X app, they're censored for my own protection.

Why should we be ok with laws just because they won't accomplish anything?
Oh boy, California will love you.
I left California 5 years ago :)
> I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps).

It is narrower than that. It only applies to accounts whose user is a child and is the primary user of the device.

See section 1798.500 (i) which says [1]:

  (i) “User” means a child that is the primary user of the device.


[1] https://law.justia.com/codes/california/code-civ/division-3/...
Until CA matches the TX and UT laws. Boiling the frog
If that's what they wanted there is no reason not to start with laws like the TX and UT laws. You need the boiling the frog when you are trying to push the envelope.
Wdym? The reason is that people would oppose the TX and UT laws harder in California. Everyone is calm now in CA because "oh it's just an age dropdown guys!!"

But once the infrastructure is built give it a few years it's not going to be a dropdown. And it will not be able to be bypassed in the same way you can't bypass permissions on iOS and Android today.

But somehow in the opposite (yet same?) way.
To be clear, the Texas law only applies to mobile app stores, not the operating system, and there is no requirement to scan photo ID, just the vague “commercially reasonable method of verification.”
"Commercially reasonable" would be something cheap, like ask a chatbot for an opinion.
I don't want to feed my biometrics and identity into AI companies' models so they can train on them for free and then sell facial recognition systems to the government.
Except for the fact that my age is now a piece of information that any tracking pixel or web malware can access at all times to de-anonymize me, even in incognito mode. But maybe that can be solved by collapsing all ages above 18 to just 18. Not sure if that violates the wording of the law though.
That is the wording of the California law, IIRC. The age brackets are under 13, 13-16, 16-18, and over 18. It also requires the OS to provide only the minimum information necessary to comply with the law, and only when necessary to comply with the law.
What can I show to 16-18 year olds that I can't show to 13-16 year olds?

The real meat of the law is requiring websites and applications to comply with this signal. Which would be one good reason why there are so many categories of seemingly little difference. This then gives them the opportunity to fine and harass developers out of business for the most minor of infractions or instances of mislabeling.

Under CCPA, users over 16yo only need to be given an opt-out for data sharing, while users under 16yo have to provide affirmative opt-in.
Which if you think about it, is completely bonkers. Recognising the harm that data tracking causes, but ignoring the harm for the majority of people.
I don’t really see the need for the line at 16, it seems like they ought to be able to push that line up or down and simplify the brackets.

But, the state doesn’t actually have an incentive to fine and harass their tax base out of business. I don’t think they made it over-complicated on purpose, I think lawmakers just over-estimate our capacity to understand laws.

Keep in mind that as people age out of the 16-18 bracket, their age will be established fairly precisely. And that this information is spread by data brokers, and may follow them forever.
But the "fact" that I told the OS I was 99yr old might be the data they're getting? To anyone who's setting up their own machine, it will be effectively optional: if you just want to make sure you fall in the "adult" bracket, you will tell the OS you're 25 (even if you're 13... or 99...). For kids whose parents are setting up devices, it could be an actual headache (assuming they're honest), but in that sense it's like a lot of other nannyware solutions, probably clunky, but possibly not all bad?
Other nannyware solutions don't force apps, sites and platforms to spend money to censor themselves by law lest they be fined, or worse, which IMO, is all bad.